Comments

Marcel reported that it is possible to inject JavaScript into Bodhi's web interface through Bugzilla ticket subjects. The reporter cited an update that did not properly escape tags from the bug it was associated with.

We should run the Bugzilla text through bleach, similar to what we do for comments from our users.
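A sketch of the proposed fix, added here as an illustration and not taken from Bodhi's code: the bug title is passed through `bleach.clean` with no tags allowed before it is placed in the page, and a parser-based check confirms that only the template's own `<a>` element survives. The function names, the `/bugs/` link format and the sample titles are assumptions, and the block falls back to the standard library's `html.escape` when bleach is not installed.

```python
import html
from html.parser import HTMLParser

try:
    import bleach  # the sanitizer named in the issue

    def sanitize(text):
        # Allow no tags or attributes, so markup in the title is escaped.
        return bleach.clean(text, tags=set(), attributes={})
except ImportError:
    def sanitize(text):
        # Assumption: stdlib fallback so the example runs without bleach.
        return html.escape(text)

def render_bug_unsafe(bug_id, title):
    """Before: the tracker-supplied title is interpolated verbatim."""
    return '<a href="/bugs/%d">#%d</a> %s' % (bug_id, bug_id, title)

def render_bug_safe(bug_id, title):
    """After: the title is cleaned before it reaches the page."""
    return '<a href="/bugs/%d">#%d</a> %s' % (bug_id, bug_id, sanitize(title))

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(fragment):
    """Return the element names an HTML parser would open in the fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags

# Constructed sample titles standing in for Bugzilla ticket subjects.
SAMPLE_BUGS = [
    (1001, "foo crashes on startup"),
    (1002, "<script>alert(document.domain)</script> in subject"),
    (1003, "a < b comparison fails & aborts"),
]

def audit(render):
    """Map each sample bug id to the tags its rendered fragment opens."""
    return {bug_id: tags_in(render(bug_id, t)) for bug_id, t in SAMPLE_BUGS}

if __name__ == "__main__":
    print("unsafe:", audit(render_bug_unsafe))
    print("safe:  ", audit(render_bug_safe))
```

The `audit` check can double as a regression test: any tag other than the ones the template itself emits means tracker-supplied text reached the page unescaped.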